CVE-2024-1115 | openBI up to 1.0.8 Setting.php dlfile phpPath os command injection

Posted by Angelo Barbosa | Jan 31, 2024 | CVE

A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function dlfile of the file /application/websocket/controller/Setting.php. The manipulation of the argument phpPath leads to os command injection.

The identification of this vulnerability is CVE-2024-1115. The attack may be initiated remotely. Furthermore, there is an exploit available.

CVE-2024-1115 | openBI up to 1.0.8 Setting.php dlfile phpPath os command injection

Related Posts

CVE-2024-39741 | IBM Datacap Navigator 9.1.5/9.1.6/9.1.7/9.1.8/9.1.9 URL path traversal (XFDB-296010)

CVE-2024-45856 | MindsDB ML Engine cross site scripting

CVE-2024-1547 | Mozilla Firefox up to 115.8 API improper restriction of rendered ui layers

CVE-2023-51559 | Foxit PDF Reader Doc out-of-bounds (ZDI-23-1872)